On Fri, 2013-01-04 at 16:13 -0800, Dylan Martin wrote:
> Hi all, thanks for reading.
>
> I'm trying to set up authentication against a remote imap server that
> I don't run. I've got pam_imap working, so everything is fine as long
> as the username on my box is the same as the username on imap server.
> I'd like to somehow make it possible for someone to log in as a
> different name than is submitted to the imap server. The fact that
> I'm using imap really shouldn't matter.
>
> I run a web server for a community college. We have an email server
> run by the district. I work at one of the campuses. I have zero
> control over the email server at district. I want to authenticate
> users on my web server with their imap accounts (because I hate
> resetting passwords). Unfortunately, most web server account names
> are different from the imap account names. For example 'english' or
> 'lab' might be reasonable account names on my web server but that web
> account will be managed by a human with an email account (and IMAP
> username) like 'jdoe'.
>
> What I need is for someone to log in as 'lab' with a password and have
> PAM ask the IMAP server to authenticate jdoe, and if that succeeds,
> let them log in as 'lab'.
> That means pam would somehow have to know to translate 'lab' into
> 'jdoe' for the conversation with the IMAP server and NOT then try to
> log the user in as 'jdoe' on the web server if the IMAP authentication
> succeeded.
>
> With pam's flow-through-the-stack nature, I thought there might be a
> module that would change the user name for authentication purposes.
> Like this maybe:
>
> auth required pam_localuser.so
> auth required pam_map_user.so file=/etc/usermap
> auth requisite pam_imap.so
>
> I've actually done this before by hacking a module to both map a local
> user to a remote username AND perform the authentication check. It
> seems odd to me that I'd need to combine those steps.
>
> Is there a better way to handle this problem?

You can put the mapping module after the pam_imap.so to set the PAM_USER
back to the original value which you can save with pam_set_data().

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
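
An added sketch of the save-and-restore approach suggested in the reply above, not code from this thread or from any existing PAM module. It assumes Linux-PAM, the hypothetical pam_map_user.so name from the question stacked once before pam_imap.so (with file=/etc/usermap) and once after it with a made-up "restore" option, and an assumed "local:remote" line format for the map file.

```c
/* pam_map_user.c: hypothetical module, named after the sketch in the question.
 * Build: gcc -fPIC -shared -DWITH_PAM -o pam_map_user.so pam_map_user.c -lpam */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Exact-match lookup in "local:remote" lines (assumed format); -1 = fail closed. */
int lookup_remote(FILE *fp, const char *local, char *out, size_t outlen)
{
    char line[256];
    while (fgets(line, sizeof line, fp)) {
        char *sep = strchr(line, ':');
        if (!sep || line[0] == '#') continue;
        *sep++ = '\0';
        sep[strcspn(sep, "\r\n")] = '\0';
        if (strcmp(line, local) != 0) continue;
        if (!*sep || strlen(sep) >= outlen) return -1;  /* empty or too long */
        strcpy(out, sep);
        return 0;
    }
    return -1;
}
#ifdef WITH_PAM  /* the helper above builds and tests without libpam */
#include <security/pam_modules.h>
#define SAVED_KEY "pam_map_user_orig"  /* constructed pam_set_data() key */
static void free_saved(pam_handle_t *h, void *data, int err) { (void)h; (void)err; free(data); }
/* Plain call: save PAM_USER and swap in the remote name. "restore": swap back. */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *user = NULL, *path = "/etc/usermap";
    const void *saved = NULL;
    char remote[128], *copy;
    FILE *fp;
    int i, found, restore = 0;
    for (i = 0; i < argc; i++)
        if (strncmp(argv[i], "file=", 5) == 0) path = argv[i] + 5;
        else if (strcmp(argv[i], "restore") == 0) restore = 1;
    if (restore && pam_get_data(pamh, SAVED_KEY, &saved) != PAM_SUCCESS) return PAM_AUTH_ERR;
    if (restore) return pam_set_item(pamh, PAM_USER, saved);
    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || !user) return PAM_USER_UNKNOWN;
    if (!(fp = fopen(path, "r"))) return PAM_AUTHINFO_UNAVAIL;
    found = lookup_remote(fp, user, remote, sizeof remote); fclose(fp);
    if (found != 0) return PAM_USER_UNKNOWN;
    if (!(copy = strdup(user))) return PAM_BUF_ERR;
    if (pam_set_data(pamh, SAVED_KEY, copy, free_saved) != PAM_SUCCESS) { free(copy); return PAM_AUTH_ERR; }
    return pam_set_item(pamh, PAM_USER, remote);
}
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{ (void)pamh; (void)flags; (void)argc; (void)argv; return PAM_SUCCESS; }
#endif
```

Every module stacked between the two instances sees the remote name in PAM_USER, so the restore line has to run before anything that acts on the local account.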